@electric-agent/studio 1.0.0

package/dist/server.js

@@ -0,0 +1,1266 @@
+import { execFileSync } from "node:child_process";
+import crypto from "node:crypto";
+import fs from "node:fs";
+import path from "node:path";
+import { DurableStream } from "@durable-streams/client";
+import { ts } from "@electric-agent/protocol";
+import { serve } from "@hono/node-server";
+import { serveStatic } from "@hono/node-server/serve-static";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { DaytonaSessionBridge } from "./bridge/daytona.js";
+import { DockerStdioBridge } from "./bridge/docker-stdio.js";
+import { HostedStreamBridge } from "./bridge/hosted.js";
+import { SpritesStdioBridge } from "./bridge/sprites.js";
+import { DEFAULT_ELECTRIC_URL, getClaimUrl, provisionElectricResources } from "./electric-api.js";
+import { createGate, rejectAllGates, resolveGate } from "./gate.js";
+import { ghListAccounts, ghListBranches, ghListRepos, isGhAuthenticated } from "./git.js";
+import { resolveProjectDir } from "./project-utils.js";
+import { addSession, cleanupStaleSessions, deleteSession, getSession, readSessionIndex, updateSessionInfo, } from "./sessions.js";
+import { getStreamConnectionInfo, getStreamEnvVars, } from "./streams.js";
+/** Active session bridges — one per running session */
+const bridges = new Map();
+function parseRepoNameFromUrl(url) {
+    if (!url)
+        return null;
+    const match = url.match(/github\.com[/:](.+?)(?:\.git)?$/);
+    return match?.[1] ?? null;
+}
+/** Get stream connection info for a session (URL + auth headers) */
+function sessionStream(config, sessionId) {
+    return getStreamConnectionInfo(sessionId, config.streamConfig);
+}
+/** Create or retrieve the SessionBridge for a session */
+function getOrCreateBridge(config, sessionId) {
+    let bridge = bridges.get(sessionId);
+    if (!bridge) {
+        const conn = sessionStream(config, sessionId);
+        bridge = new HostedStreamBridge(sessionId, conn);
+        bridges.set(sessionId, bridge);
+    }
+    return bridge;
+}
+/**
+ * Create a stdio-based bridge for a session after the sandbox has been created.
+ * Replaces any existing hosted bridge for the session.
+ */
+function createStdioBridge(config, sessionId) {
+    const conn = sessionStream(config, sessionId);
+    let bridge;
+    if (config.sandbox.runtime === "daytona") {
+        const daytonaProvider = config.sandbox;
+        const sandbox = daytonaProvider.getSandboxObject(sessionId);
+        if (!sandbox) {
+            throw new Error(`No Daytona sandbox object for session ${sessionId}`);
+        }
+        bridge = new DaytonaSessionBridge(sessionId, conn, sandbox);
+    }
+    else if (config.sandbox.runtime === "sprites") {
+        const spritesProvider = config.sandbox;
+        const sprite = spritesProvider.getSpriteObject(sessionId);
+        if (!sprite) {
+            throw new Error(`No Sprites sandbox object for session ${sessionId}`);
+        }
+        bridge = new SpritesStdioBridge(sessionId, conn, sprite);
+    }
+    else {
+        const dockerProvider = config.sandbox;
+        const containerId = dockerProvider.getContainerId(sessionId);
+        if (!containerId) {
+            throw new Error(`No Docker container found for session ${sessionId}`);
+        }
+        bridge = new DockerStdioBridge(sessionId, conn, containerId);
+    }
+    // Replace any existing bridge
+    closeBridge(sessionId);
+    bridges.set(sessionId, bridge);
+    return bridge;
+}
+/** Close and remove a bridge */
+function closeBridge(sessionId) {
+    const bridge = bridges.get(sessionId);
+    if (bridge) {
+        bridge.close();
+        bridges.delete(sessionId);
+    }
+}
+/**
+ * Detect git operations from natural language prompts.
+ * Returns structured gitOp fields if matched, null otherwise.
+ */
+function detectGitOp(request) {
+    const lower = request.toLowerCase().trim();
+    // Commit: "commit", "commit the code", "commit changes", "commit with message ..."
+    if (/^(git\s+)?commit\b/.test(lower) || /^save\s+(my\s+)?(changes|progress|work)\b/.test(lower)) {
+        // Extract commit message after "commit" keyword, or after "message:" / "msg:"
+        const msgMatch = request.match(/(?:commit\s+(?:with\s+(?:message\s+)?)?|message:\s*|msg:\s*)["']?(.+?)["']?\s*$/i);
+        const message = msgMatch?.[1]?.replace(/^(the\s+)?(code|changes)\s*/i, "").trim();
+        return { gitOp: "commit", gitMessage: message || undefined };
+    }
+    // Push: "push", "push to github", "push to remote", "git push"
+    if (/^(git\s+)?push\b/.test(lower)) {
+        return { gitOp: "push" };
+    }
+    // Create PR: "create pr", "open pr", "make pr", "create pull request"
+    if (/^(create|open|make)\s+(a\s+)?(pr|pull\s*request)\b/.test(lower)) {
+        // Try to extract title after the PR keyword
+        const titleMatch = request.match(/(?:pr|pull\s*request)\s+(?:(?:titled?|called|named)\s+)?["']?(.+?)["']?\s*$/i);
+        return { gitOp: "create-pr", gitPrTitle: titleMatch?.[1] || undefined };
+    }
+    return null;
+}
+/**
+ * Map a Claude Code hook event JSON payload to an EngineEvent.
+ *
+ * After Phase 1 renames, the mapping is nearly 1:1. Claude Code passes
+ * hook data on stdin as JSON with a `hook_event_name` field.
+ *
+ * Returns null for unknown hook types (caller should silently skip).
+ */
+function mapHookToEngineEvent(body) {
+    const hookName = body.hook_event_name;
+    const now = ts();
+    switch (hookName) {
+        case "SessionStart":
+            return {
+                type: "session_start",
+                session_id: body.session_id || "",
+                cwd: body.cwd,
+                ts: now,
+            };
+        case "PreToolUse": {
+            const toolName = body.tool_name || "unknown";
+            const toolUseId = body.tool_use_id || `hook_${Date.now()}`;
+            const toolInput = body.tool_input || {};
+            if (toolName === "TodoWrite") {
+                return {
+                    type: "todo_write",
+                    tool_use_id: toolUseId,
+                    todos: toolInput.todos || [],
+                    ts: now,
+                };
+            }
+            if (toolName === "AskUserQuestion") {
+                const questions = toolInput.questions;
+                const firstQuestion = questions?.[0];
+                return {
+                    type: "ask_user_question",
+                    tool_use_id: toolUseId,
+                    question: firstQuestion?.question || toolInput.question || "",
+                    options: firstQuestion?.options,
+                    ts: now,
+                };
+            }
+            return {
+                type: "pre_tool_use",
+                tool_name: toolName,
+                tool_use_id: toolUseId,
+                tool_input: toolInput,
+                ts: now,
+            };
+        }
+        case "PostToolUse":
+            return {
+                type: "post_tool_use",
+                tool_use_id: body.tool_use_id || "",
+                tool_name: body.tool_name,
+                tool_response: body.tool_response || "",
+                ts: now,
+            };
+        case "PostToolUseFailure":
+            return {
+                type: "post_tool_use_failure",
+                tool_use_id: body.tool_use_id || "",
+                tool_name: body.tool_name || "unknown",
+                error: body.error || "Unknown error",
+                ts: now,
+            };
+        case "Stop":
+            return {
+                type: "assistant_message",
+                text: body.last_assistant_message || "",
+                ts: now,
+            };
+        case "SessionEnd":
+            return {
+                type: "session_end",
+                success: true,
+                ts: now,
+            };
+        case "UserPromptSubmit":
+            return {
+                type: "user_prompt",
+                message: body.prompt || "",
+                ts: now,
+            };
+        case "SubagentStart":
+        case "SubagentStop":
+            return {
+                type: "log",
+                level: "task",
+                message: `${hookName}: ${body.agent_type || "agent"}`,
+                ts: now,
+            };
+        default:
+            return null;
+    }
+}
+export function createApp(config) {
+    const app = new Hono();
+    // CORS for local development
+    app.use("*", cors({ origin: "*" }));
+    // --- API Routes ---
+    // Health check
+    app.get("/api/health", (c) => {
+        const checks = {};
+        let healthy = true;
+        // Stream config
+        if (config.streamConfig.url && config.streamConfig.serviceId && config.streamConfig.secret) {
+            checks.streams = "ok";
+        }
+        else {
+            checks.streams = "error";
+            healthy = false;
+        }
+        // Sandbox runtime
+        checks.sandbox = config.sandbox.runtime;
+        return c.json({ healthy, checks }, healthy ? 200 : 503);
+    });
+    // Provision Electric Cloud resources via the Claim API
+    app.post("/api/provision-electric", async (c) => {
+        try {
+            const result = await provisionElectricResources();
+            return c.json({
+                sourceId: result.source_id,
+                secret: result.secret,
+                databaseUrl: result.DATABASE_URL,
+                electricUrl: DEFAULT_ELECTRIC_URL,
+                claimId: result.claimId,
+                claimUrl: getClaimUrl(result.claimId),
+            });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : "Provisioning failed";
+            console.error("[provision-electric] Error:", message);
+            return c.json({ error: message }, 500);
+        }
+    });
+    // List all sessions (lazily clean up stale ones)
+    app.get("/api/sessions", (c) => {
+        cleanupStaleSessions(config.dataDir);
+        const index = readSessionIndex(config.dataDir);
+        return c.json(index);
+    });
+    // Get single session
+    app.get("/api/sessions/:id", (c) => {
+        const session = getSession(config.dataDir, c.req.param("id"));
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        return c.json(session);
+    });
+    // --- Local Claude Code session endpoints ---
+    // Create a local session (no sandbox, just a stream + session index entry).
+    // Used for the hook-to-stream bridge: Claude Code running locally forwards
+    // hook events to the web UI via POST /api/sessions/:id/hook-event.
+    app.post("/api/sessions/local", async (c) => {
+        const body = (await c.req.json().catch(() => ({})));
+        const sessionId = crypto.randomUUID();
+        // Create the durable stream
+        const conn = sessionStream(config, sessionId);
+        try {
+            await DurableStream.create({
+                url: conn.url,
+                headers: conn.headers,
+                contentType: "application/json",
+            });
+        }
+        catch (err) {
+            console.error(`[local-session] Failed to create durable stream:`, err);
+            return c.json({ error: "Failed to create event stream" }, 500);
+        }
+        // Record session (no sandbox, no appPort)
+        const session = {
+            id: sessionId,
+            projectName: "local-session",
+            sandboxProjectDir: "",
+            description: body.description || "Local Claude Code session",
+            createdAt: new Date().toISOString(),
+            lastActiveAt: new Date().toISOString(),
+            status: "running",
+        };
+        addSession(config.dataDir, session);
+        // Pre-create a bridge so hook-event can emit to it immediately
+        getOrCreateBridge(config, sessionId);
+        console.log(`[local-session] Created session: ${sessionId}`);
+        return c.json({ sessionId }, 201);
+    });
+    // Auto-register a local session on first hook event (SessionStart).
+    // Eliminates the manual `curl POST /api/sessions/local` step.
+    app.post("/api/sessions/auto", async (c) => {
+        const body = (await c.req.json());
+        const hookName = body.hook_event_name;
+        if (hookName !== "SessionStart") {
+            return c.json({ error: "Only SessionStart events can auto-register a session" }, 400);
+        }
+        const sessionId = crypto.randomUUID();
+        // Create the durable stream
+        const conn = sessionStream(config, sessionId);
+        try {
+            await DurableStream.create({
+                url: conn.url,
+                headers: conn.headers,
+                contentType: "application/json",
+            });
+        }
+        catch (err) {
+            console.error(`[auto-session] Failed to create durable stream:`, err);
+            return c.json({ error: "Failed to create event stream" }, 500);
+        }
+        // Derive project name from cwd
+        const cwd = body.cwd;
+        const projectName = cwd ? path.basename(cwd) : "local-session";
+        const claudeSessionId = body.session_id;
+        const session = {
+            id: sessionId,
+            projectName,
+            sandboxProjectDir: cwd || "",
+            description: `Local session: ${projectName}`,
+            createdAt: new Date().toISOString(),
+            lastActiveAt: new Date().toISOString(),
+            status: "running",
+            claudeSessionId: claudeSessionId || undefined,
+        };
+        addSession(config.dataDir, session);
+        // Create bridge and emit the SessionStart event
+        const bridge = getOrCreateBridge(config, sessionId);
+        const hookEvent = mapHookToEngineEvent(body);
+        if (hookEvent) {
+            await bridge.emit(hookEvent);
+        }
+        console.log(`[auto-session] Created session: ${sessionId} (project: ${projectName})`);
+        return c.json({ sessionId }, 201);
+    });
+    // Receive a hook event from Claude Code (via forward.sh) and write it
+    // to the session's durable stream as an EngineEvent.
+    // For AskUserQuestion, this blocks until the user answers in the web UI.
+    app.post("/api/sessions/:id/hook-event", async (c) => {
+        const sessionId = c.req.param("id");
+        const body = (await c.req.json());
+        const bridge = getOrCreateBridge(config, sessionId);
+        // Map Claude Code hook JSON → EngineEvent
+        const hookEvent = mapHookToEngineEvent(body);
+        if (!hookEvent) {
+            return c.json({ ok: true }); // Unknown hook type — silently skip
+        }
+        try {
+            await bridge.emit(hookEvent);
+        }
+        catch (err) {
+            console.error(`[hook-event] Failed to emit:`, err);
+            return c.json({ error: "Failed to write event" }, 500);
+        }
+        // Bump lastActiveAt on every hook event
+        updateSessionInfo(config.dataDir, sessionId, {});
+        // SessionEnd: mark session complete and close the bridge
+        if (hookEvent.type === "session_end") {
+            updateSessionInfo(config.dataDir, sessionId, { status: "complete" });
+            closeBridge(sessionId);
+            return c.json({ ok: true });
+        }
+        // AskUserQuestion: block until the user answers via the web UI
+        if (hookEvent.type === "ask_user_question") {
+            const toolUseId = hookEvent.tool_use_id;
+            console.log(`[hook-event] Blocking for ask_user_question gate: ${toolUseId}`);
+            try {
+                const gateTimeout = 5 * 60 * 1000; // 5 minutes
+                const answer = await Promise.race([
+                    createGate(sessionId, `ask_user_question:${toolUseId}`),
+                    new Promise((_, reject) => setTimeout(() => reject(new Error("AskUserQuestion gate timed out")), gateTimeout)),
+                ]);
+                console.log(`[hook-event] ask_user_question gate resolved: ${toolUseId}`);
+                return c.json({
+                    hookSpecificOutput: {
+                        hookEventName: "PreToolUse",
+                        permissionDecision: "allow",
+                        updatedInput: {
+                            questions: body.tool_input?.questions,
+                            answers: { [hookEvent.question]: answer.answer },
+                        },
+                    },
+                });
+            }
+            catch (err) {
+                console.error(`[hook-event] ask_user_question gate error:`, err);
+                return c.json({ ok: true }); // Don't block Claude Code on timeout
+            }
+        }
+        return c.json({ ok: true });
+    });
+    // Start new project
+    app.post("/api/sessions", async (c) => {
+        const body = (await c.req.json());
+        if (!body.description) {
+            return c.json({ error: "description is required" }, 400);
+        }
+        const sessionId = crypto.randomUUID();
+        const inferredName = body.name ||
+            (config.inferProjectName
+                ? await config.inferProjectName(body.description)
+                : body.description
+                    .slice(0, 40)
+                    .replace(/[^a-z0-9]+/gi, "-")
+                    .replace(/^-|-$/g, "")
+                    .toLowerCase());
+        const baseDir = body.baseDir || process.cwd();
+        const { projectName } = resolveProjectDir(baseDir, inferredName);
+        console.log(`[session] Creating new session: id=${sessionId} project=${projectName}`);
+        // Create the durable stream
+        const conn = sessionStream(config, sessionId);
+        try {
+            await DurableStream.create({
+                url: conn.url,
+                headers: conn.headers,
+                contentType: "application/json",
+            });
+            console.log(`[session] Durable stream created: ${conn.url}`);
+        }
+        catch (err) {
+            console.error(`[session] Failed to create durable stream:`, err);
+            return c.json({ error: "Failed to create event stream" }, 500);
+        }
+        // Create the initial session bridge (may be replaced with stdio bridge after sandbox creation)
+        let bridge = getOrCreateBridge(config, sessionId);
+        // Record session
+        const sandboxProjectDir = `/home/agent/workspace/${projectName}`;
+        const session = {
+            id: sessionId,
+            projectName,
+            sandboxProjectDir,
+            description: body.description,
+            createdAt: new Date().toISOString(),
+            lastActiveAt: new Date().toISOString(),
+            status: "running",
+        };
+        addSession(config.dataDir, session);
+        // Write user prompt to the stream so it shows in the UI
+        await bridge.emit({ type: "user_prompt", message: body.description, ts: ts() });
+        // Gather GitHub accounts for the merged setup gate
+        let ghAccounts = [];
+        if (isGhAuthenticated(body.ghToken)) {
+            try {
+                ghAccounts = ghListAccounts(body.ghToken);
+            }
+            catch {
+                // gh not available — no repo setup
+            }
+        }
+        // Emit combined infra + repo setup gate
+        await bridge.emit({
+            type: "infra_config_prompt",
+            projectName,
+            ghAccounts,
+            runtime: config.sandbox.runtime,
+            ts: ts(),
+        });
+        // Launch async flow: wait for setup gate → create sandbox → start agent
+        const asyncFlow = async () => {
+            // 1. Wait for combined infra + repo config
+            let infra;
+            let repoConfig = null;
+            console.log(`[session:${sessionId}] Waiting for infra_config gate...`);
+            let claimId;
+            try {
+                const gateValue = await createGate(sessionId, "infra_config");
+                console.log(`[session:${sessionId}] Infra gate resolved: mode=${gateValue.mode}`);
+                if (gateValue.mode === "cloud" || gateValue.mode === "claim") {
+                    // Normalize claim → cloud for the sandbox layer (same env vars)
+                    infra = {
+                        mode: "cloud",
+                        databaseUrl: gateValue.databaseUrl,
+                        electricUrl: gateValue.electricUrl,
+                        sourceId: gateValue.sourceId,
+                        secret: gateValue.secret,
+                    };
+                    if (gateValue.mode === "claim") {
+                        claimId = gateValue.claimId;
+                    }
+                }
+                else {
+                    infra = { mode: "local" };
+                }
+                // Extract repo config if provided
+                if (gateValue.repoAccount && gateValue.repoName?.trim()) {
+                    repoConfig = {
+                        account: gateValue.repoAccount,
+                        repoName: gateValue.repoName,
+                        visibility: gateValue.repoVisibility ?? "private",
+                    };
+                    updateSessionInfo(config.dataDir, sessionId, {
+                        git: {
+                            branch: "main",
+                            remoteUrl: null,
+                            repoName: `${repoConfig.account}/${repoConfig.repoName}`,
+                            repoVisibility: repoConfig.visibility,
+                            lastCommitHash: null,
+                            lastCommitMessage: null,
+                            lastCheckpointAt: null,
+                        },
+                    });
+                }
+            }
+            catch (err) {
+                console.log(`[session:${sessionId}] Infra gate error (defaulting to local):`, err);
+                infra = { mode: "local" };
+            }
+            // 2. Create sandbox — emit progress events so the UI shows feedback
+            await bridge.emit({
+                type: "log",
+                level: "build",
+                message: `Creating ${config.sandbox.runtime} sandbox...`,
+                ts: ts(),
+            });
+            // Only pass stream env vars when using hosted stream bridge (not stdio)
+            const streamEnv = config.bridgeMode === "stdio" ? undefined : getStreamEnvVars(sessionId, config.streamConfig);
+            console.log(`[session:${sessionId}] Creating sandbox: runtime=${config.sandbox.runtime} project=${projectName} bridgeMode=${config.bridgeMode}`);
+            const handle = await config.sandbox.create(sessionId, {
+                projectName,
+                infra,
+                streamEnv,
+                deferAgentStart: config.bridgeMode === "stdio",
+                apiKey: body.apiKey,
+                oauthToken: body.oauthToken,
+                ghToken: body.ghToken,
+            });
+            console.log(`[session:${sessionId}] Sandbox created: projectDir=${handle.projectDir} port=${handle.port} previewUrl=${handle.previewUrl ?? "none"}`);
+            await bridge.emit({
+                type: "log",
+                level: "done",
+                message: `Sandbox ready (${config.sandbox.runtime})`,
+                ts: ts(),
+            });
+            updateSessionInfo(config.dataDir, sessionId, {
+                appPort: handle.port,
+                sandboxProjectDir: handle.projectDir,
+                previewUrl: handle.previewUrl,
+                ...(claimId ? { claimId } : {}),
+            });
+            // 3. If stdio bridge mode, create the stdio bridge now that the sandbox exists.
+            // If stream bridge mode with Sprites, launch the agent process in the sprite
+            // (it connects directly to the hosted Durable Stream via DS_URL env vars).
+            if (config.bridgeMode === "stdio") {
+                console.log(`[session:${sessionId}] Creating stdio bridge...`);
+                bridge = createStdioBridge(config, sessionId);
+            }
+            else if (config.sandbox.runtime === "sprites") {
+                await bridge.emit({
+                    type: "log",
+                    level: "build",
+                    message: "Starting agent in sandbox...",
+                    ts: ts(),
+                });
+                console.log(`[session:${sessionId}] Starting agent process in sprite...`);
+                try {
+                    const spritesProvider = config.sandbox;
+                    await spritesProvider.startAgent(handle);
+                    // Give the agent time to start and connect to the stream
+                    await new Promise((r) => setTimeout(r, 3000));
+                    console.log(`[session:${sessionId}] Agent process launched in sprite`);
+                    await bridge.emit({
+                        type: "log",
+                        level: "done",
+                        message: "Agent started",
+                        ts: ts(),
+                    });
+                }
+                catch (err) {
+                    console.error(`[session:${sessionId}] Failed to start agent in sprite:`, err);
+                    await bridge.emit({
+                        type: "log",
+                        level: "error",
+                        message: `Failed to start agent: ${err instanceof Error ? err.message : "unknown error"}`,
+                        ts: ts(),
+                    });
+                }
+            }
+            // 4. Log repo config
+            if (repoConfig) {
+                await bridge.emit({
+                    type: "log",
+                    level: "done",
+                    message: `GitHub repo: ${repoConfig.account}/${repoConfig.repoName} (${repoConfig.visibility}) — will be created after scaffolding`,
+                    ts: ts(),
+                });
+            }
+            // 5. Start listening for agent events via the bridge
+            bridge.onComplete(async (success) => {
+                const updates = {
+                    status: success ? "complete" : "error",
+                };
+                try {
+                    const gs = await config.sandbox.gitStatus(handle, handle.projectDir);
+                    if (gs.initialized) {
+                        const existing = getSession(config.dataDir, sessionId);
+                        updates.git = {
+                            branch: gs.branch ?? "main",
+                            remoteUrl: existing?.git?.remoteUrl ?? null,
+                            repoName: existing?.git?.repoName ?? null,
+                            repoVisibility: existing?.git?.repoVisibility,
+                            lastCommitHash: gs.lastCommitHash ?? null,
+                            lastCommitMessage: gs.lastCommitMessage ?? null,
+                            lastCheckpointAt: existing?.git?.lastCheckpointAt ?? null,
+                        };
+                    }
+                }
+                catch {
+                    // Container may already be stopped
+                }
+                updateSessionInfo(config.dataDir, sessionId, updates);
+            });
+            console.log(`[session:${sessionId}] Starting bridge listener...`);
+            await bridge.start();
+            console.log(`[session:${sessionId}] Bridge started, sending 'new' command...`);
+            // 5. Send the new command via the bridge
+            const newCmd = {
+                command: "new",
+                description: body.description,
+                projectName,
+                baseDir: "/home/agent/workspace",
+            };
+            if (repoConfig) {
+                newCmd.gitRepoName = `${repoConfig.account}/${repoConfig.repoName}`;
+                newCmd.gitRepoVisibility = repoConfig.visibility;
+            }
+            await bridge.sendCommand(newCmd);
+            console.log(`[session:${sessionId}] Command sent, waiting for agent...`);
+        };
+        asyncFlow().catch((err) => {
+            console.error(`[session:${sessionId}] Session creation flow failed:`, err);
+            updateSessionInfo(config.dataDir, sessionId, { status: "error" });
+        });
+        return c.json({ sessionId }, 201);
+    });
+    // Send iteration request
+    app.post("/api/sessions/:id/iterate", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const body = (await c.req.json());
+        if (!body.request) {
+            return c.json({ error: "request is required" }, 400);
+        }
+        // Intercept operational commands (start/stop/restart the app/server)
+        const normalised = body.request
+            .toLowerCase()
+            .replace(/[^a-z ]/g, "")
+            .trim();
+        const appOrServer = /\b(app|server|dev server|dev|vite)\b/;
+        const isStartCmd = /^(start|run|launch|boot)\b/.test(normalised) && appOrServer.test(normalised);
+        const isStopCmd = /^(stop|kill|shutdown|shut down)\b/.test(normalised) && appOrServer.test(normalised);
+        const isRestartCmd = /^restart\b/.test(normalised) && appOrServer.test(normalised);
+        if (isStartCmd || isStopCmd || isRestartCmd) {
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
+            try {
+                const handle = config.sandbox.get(sessionId);
+                if (isStopCmd) {
+                    if (handle && config.sandbox.isAlive(handle))
+                        await config.sandbox.stopApp(handle);
+                    await bridge.emit({ type: "log", level: "done", message: "App stopped", ts: ts() });
+                }
+                else {
+                    if (!handle || !config.sandbox.isAlive(handle)) {
+                        return c.json({ error: "Container is not running" }, 400);
+                    }
+                    if (isRestartCmd)
+                        await config.sandbox.stopApp(handle);
+                    await config.sandbox.startApp(handle);
+                    await bridge.emit({
+                        type: "log",
+                        level: "done",
+                        message: "App started",
+                        ts: ts(),
+                    });
+                    await bridge.emit({ type: "app_ready", port: session.appPort, ts: ts() });
+                }
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : "Operation failed";
+                await bridge.emit({ type: "log", level: "error", message: msg, ts: ts() });
+            }
+            return c.json({ ok: true });
+        }
+        // Intercept git commands (commit, push, create PR)
+        const gitOp = detectGitOp(body.request);
+        if (gitOp) {
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
+            const handle = config.sandbox.get(sessionId);
+            if (!handle || !config.sandbox.isAlive(handle)) {
+                return c.json({ error: "Container is not running" }, 400);
+            }
+            await bridge.sendCommand({
+                command: "git",
+                projectDir: session.sandboxProjectDir || handle.projectDir,
+                ...gitOp,
+            });
+            return c.json({ ok: true });
+        }
+        const handle = config.sandbox.get(sessionId);
+        if (!handle || !config.sandbox.isAlive(handle)) {
+            return c.json({ error: "Container is not running" }, 400);
+        }
+        // Write user prompt to the stream
+        const bridge = getOrCreateBridge(config, sessionId);
+        await bridge.emit({ type: "user_prompt", message: body.request, ts: ts() });
+        updateSessionInfo(config.dataDir, sessionId, { status: "running" });
+        await bridge.sendCommand({
+            command: "iterate",
+            projectDir: session.sandboxProjectDir || handle.projectDir,
+            request: body.request,
+            resumeSessionId: session.lastCoderSessionId,
+        });
+        return c.json({ ok: true });
+    });
+    // Respond to a gate (approval, clarification, continue, revision)
+    app.post("/api/sessions/:id/respond", async (c) => {
+        const sessionId = c.req.param("id");
+        console.log(`[respond] incoming request for session=${sessionId}`);
+        const body = (await c.req.json());
+        const gate = body.gate;
+        console.log(`[respond] gate=${gate} body=${JSON.stringify(body)}`);
+        if (!gate) {
+            return c.json({ error: "gate is required" }, 400);
+        }
+        // Client may pass a human-readable summary of the decision for replay display
+        const summary = body._summary || undefined;
+        // AskUserQuestion gates: resolve the blocking hook-event and emit gate_resolved
+        if (gate === "ask_user_question") {
+            const toolUseId = body.toolUseId;
+            if (!toolUseId) {
+                return c.json({ error: "toolUseId is required for ask_user_question" }, 400);
+            }
+            const answer = body.answer || "";
+            const resolved = resolveGate(sessionId, `ask_user_question:${toolUseId}`, { answer });
+            if (!resolved) {
+                return c.json({ error: "No pending ask_user_question gate found" }, 404);
+            }
+            // Emit gate_resolved for replay
+            try {
+                const bridge = getOrCreateBridge(config, sessionId);
+                await bridge.emit({ type: "gate_resolved", gate: "ask_user_question", summary, ts: ts() });
+            }
+            catch {
+                // Non-critical
+            }
+            return c.json({ ok: true });
+        }
+        // Server-side gates are resolved in-process (they run on the server, not inside the container)
+        const serverGates = new Set(["infra_config"]);
+        // Forward agent gate responses via the bridge
+        if (!serverGates.has(gate)) {
+            const bridge = bridges.get(sessionId);
+            if (!bridge) {
+                return c.json({ error: "No active bridge found" }, 404);
+            }
+            const { gate: _, _summary: _s, ...value } = body;
+            await bridge.sendGateResponse(gate, value);
+            // Persist gate resolution for replay
+            try {
+                await bridge.emit({ type: "gate_resolved", gate, summary, ts: ts() });
+            }
+            catch {
+                // Non-critical
+            }
+            return c.json({ ok: true });
+        }
+        // Resolve in-process gate
+        let value;
+        switch (gate) {
+            case "infra_config":
+                if (body.mode === "cloud" || body.mode === "claim") {
+                    value = {
+                        mode: body.mode,
+                        databaseUrl: body.databaseUrl,
+                        electricUrl: body.electricUrl,
+                        sourceId: body.sourceId,
+                        secret: body.secret,
+                        claimId: body.claimId,
+                        repoAccount: body.repoAccount,
+                        repoName: body.repoName,
+                        repoVisibility: body.repoVisibility,
+                    };
+                }
+                else {
+                    value = {
+                        mode: "local",
+                        repoAccount: body.repoAccount,
+                        repoName: body.repoName,
+                        repoVisibility: body.repoVisibility,
+                    };
+                }
+                break;
+            default:
+                return c.json({ error: `Unknown gate: ${gate}` }, 400);
+        }
+        console.log(`[respond] session=${sessionId} gate=${gate} value=${JSON.stringify(value)}`);
+        const resolved = resolveGate(sessionId, gate, value);
+        if (!resolved) {
+            console.log(`[respond] NO pending gate found for ${sessionId}:${gate}`);
+            return c.json({ error: "No pending gate found" }, 404);
+        }
+        // Build structured details for the infra_config gate so the UI can
+        // display them on both live sessions and session replay.
+        let details;
+        if (gate === "infra_config") {
+            const modeLabels = {
+                claim: "Provisioned (Cloud)",
+                local: "Local (Docker)",
+                cloud: "Electric Cloud (BYO)",
+            };
+            details = { Infrastructure: modeLabels[body.mode] ?? String(body.mode) };
+            if (body.mode === "cloud" || body.mode === "claim") {
+                if (body.databaseUrl)
+                    details["Connection string"] = body.databaseUrl;
+                if (body.sourceId)
+                    details["Source ID"] = body.sourceId;
+            }
+            if (body.mode === "claim" && body.claimId) {
+                details["Claim link"] = getClaimUrl(body.claimId);
+            }
+            if (body.repoAccount && body.repoName?.trim()) {
+                details.Repository = `${body.repoAccount}/${body.repoName}`;
+                details.Visibility = body.repoVisibility || "private";
+            }
+        }
+        // Persist gate resolution so replays mark the gate as resolved
+        try {
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({ type: "gate_resolved", gate, summary, details, ts: ts() });
+        }
+        catch {
+            // Non-critical
+        }
+        console.log(`[respond] gate ${gate} resolved successfully`);
+        return c.json({ ok: true });
+    });
+    // Check app status
+    app.get("/api/sessions/:id/app-status", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const handle = config.sandbox.get(sessionId);
+        if (!handle || !config.sandbox.isAlive(handle)) {
+            return c.json({ running: false, port: session.appPort, previewUrl: session.previewUrl });
+        }
+        const running = await config.sandbox.isAppRunning(handle);
+        return c.json({
+            running,
+            port: handle.port ?? session.appPort,
+            previewUrl: handle.previewUrl ?? session.previewUrl,
+        });
+    });
+    // Start the generated app
+    app.post("/api/sessions/:id/start-app", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const handle = config.sandbox.get(sessionId);
+        if (!handle || !config.sandbox.isAlive(handle)) {
+            return c.json({ error: "Container is not running" }, 400);
+        }
+        const ok = await config.sandbox.startApp(handle);
+        return c.json({ ok });
+    });
+    // Stop the generated app
+    app.post("/api/sessions/:id/stop-app", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const handle = config.sandbox.get(sessionId);
+        if (handle && config.sandbox.isAlive(handle)) {
+            await config.sandbox.stopApp(handle);
+        }
+        return c.json({ success: true });
+    });
+    // Cancel a running session
+    app.post("/api/sessions/:id/cancel", async (c) => {
+        const sessionId = c.req.param("id");
+        closeBridge(sessionId);
+        const handle = config.sandbox.get(sessionId);
+        if (handle)
+            await config.sandbox.destroy(handle);
+        rejectAllGates(sessionId);
+        updateSessionInfo(config.dataDir, sessionId, { status: "cancelled" });
+        return c.json({ ok: true });
+    });
+    // Delete a session
+    app.delete("/api/sessions/:id", async (c) => {
+        const sessionId = c.req.param("id");
+        closeBridge(sessionId);
+        const handle = config.sandbox.get(sessionId);
+        if (handle)
+            await config.sandbox.destroy(handle);
+        rejectAllGates(sessionId);
+        const deleted = deleteSession(config.dataDir, sessionId);
+        if (!deleted)
+            return c.json({ error: "Session not found" }, 404);
+        return c.json({ ok: true });
+    });
+    // --- Sandbox CRUD Routes ---
+    // List all active sandboxes
+    app.get("/api/sandboxes", (c) => {
+        const sandboxes = config.sandbox.list().map((h) => ({
+            sessionId: h.sessionId,
+            runtime: h.runtime,
+            port: h.port,
+            projectDir: h.projectDir,
+            previewUrl: h.previewUrl,
+            alive: config.sandbox.isAlive(h),
+        }));
+        return c.json({ sandboxes });
+    });
+    // Get a specific sandbox's status
+    app.get("/api/sandboxes/:sessionId", async (c) => {
+        const sessionId = c.req.param("sessionId");
+        const handle = config.sandbox.get(sessionId);
+        if (!handle)
+            return c.json({ error: "Sandbox not found" }, 404);
+        const alive = config.sandbox.isAlive(handle);
+        const appRunning = alive ? await config.sandbox.isAppRunning(handle) : false;
+        return c.json({
+            sessionId: handle.sessionId,
+            runtime: handle.runtime,
+            port: handle.port,
+            projectDir: handle.projectDir,
+            previewUrl: handle.previewUrl,
+            alive,
+            appRunning,
+        });
+    });
+    // Create a standalone sandbox (not tied to session creation flow)
+    app.post("/api/sandboxes", async (c) => {
+        const body = (await c.req.json());
+        const sessionId = body.sessionId ?? crypto.randomUUID();
+        const streamEnv = getStreamEnvVars(sessionId, config.streamConfig);
+        try {
+            const handle = await config.sandbox.create(sessionId, {
+                projectName: body.projectName,
+                infra: body.infra,
+                streamEnv,
+            });
+            return c.json({
+                sessionId: handle.sessionId,
+                runtime: handle.runtime,
+                port: handle.port,
+                projectDir: handle.projectDir,
+                previewUrl: handle.previewUrl,
+            }, 201);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : "Failed to create sandbox";
+            return c.json({ error: msg }, 500);
+        }
+    });
+    // Delete a sandbox
+    app.delete("/api/sandboxes/:sessionId", async (c) => {
+        const sessionId = c.req.param("sessionId");
+        const handle = config.sandbox.get(sessionId);
+        if (!handle)
+            return c.json({ error: "Sandbox not found" }, 404);
+        closeBridge(sessionId);
+        await config.sandbox.destroy(handle);
+        return c.json({ ok: true });
+    });
+    // --- SSE Proxy ---
+    // Server-side SSE proxy: reads from the hosted durable stream and proxies
+    // events to the React client. The client never sees DS credentials.
+    app.get("/api/sessions/:id/events", async (c) => {
+        const sessionId = c.req.param("id");
+        console.log(`[sse] Client connected: session=${sessionId}`);
+        const session = getSession(config.dataDir, sessionId);
+        if (!session) {
+            console.log(`[sse] Session not found: ${sessionId}`);
+            return c.json({ error: "Session not found" }, 404);
+        }
+        // Get the stream connection info
+        const connection = sessionStream(config, sessionId);
+        // Last-Event-ID allows reconnection from where the client left off
+        const lastEventId = c.req.header("Last-Event-ID") || "-1";
+        console.log(`[sse] Reading stream from offset=${lastEventId} url=${connection.url}`);
+        const reader = new DurableStream({
+            url: connection.url,
+            headers: connection.headers,
+            contentType: "application/json",
+        });
+        const { readable, writable } = new TransformStream();
+        const writer = writable.getWriter();
+        const encoder = new TextEncoder();
+        let cancelled = false;
+        let eventCount = 0;
+        const response = await reader.stream({
+            offset: lastEventId,
+            live: true,
+        });
+        const cancel = response.subscribeJson((batch) => {
+            if (cancelled)
+                return;
+            for (const item of batch.items) {
+                // Skip internal protocol messages (commands sent to agent, gate responses)
+                // but allow server-emitted EngineEvents (like infra_config_prompt) through
+                const msgType = item.type;
+                if (msgType === "command" || msgType === "gate_response") {
+                    console.log(`[sse] Filtered protocol message: type=${msgType} source=${item.source} session=${sessionId}`);
+                    continue;
+                }
+                eventCount++;
+                console.log(`[sse] Proxying event #${eventCount}: type=${msgType} source=${item.source} session=${sessionId}`);
+                // Strip the source field before sending to client
+                const { source: _, ...eventData } = item;
+                const data = JSON.stringify(eventData);
+                writer.write(encoder.encode(`id:${batch.offset}\ndata:${data}\n\n`)).catch(() => {
+                    cancelled = true;
+                });
+            }
+        });
+        // Clean up when client disconnects
+        c.req.raw.signal.addEventListener("abort", () => {
+            console.log(`[sse] Client disconnected: session=${sessionId} (sent ${eventCount} events)`);
+            cancelled = true;
+            cancel();
+            writer.close().catch(() => { });
+        });
+        return new Response(readable, {
+            headers: {
+                "Content-Type": "text/event-stream",
+                "Cache-Control": "no-cache",
+                Connection: "keep-alive",
+                "Access-Control-Allow-Origin": "*",
+            },
+        });
+    });
+    // --- Git/GitHub Routes ---
+    // Get git status for a session
+    app.get("/api/sessions/:id/git-status", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const handle = config.sandbox.get(sessionId);
+        if (!handle) {
+            return c.json({ error: "Container not available" }, 404);
+        }
+        try {
+            const status = await config.sandbox.gitStatus(handle, session.sandboxProjectDir || handle.projectDir);
+            return c.json(status);
+        }
+        catch (e) {
+            return c.json({ error: e instanceof Error ? e.message : "Failed to get git status" }, 500);
+        }
+    });
+    // List all files in the project directory
+    app.get("/api/sessions/:id/files", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const handle = config.sandbox.get(sessionId);
+        const sandboxDir = session.sandboxProjectDir;
+        if (!handle || !sandboxDir) {
+            return c.json({ files: [], prefix: sandboxDir ?? "" });
+        }
+        const files = await config.sandbox.listFiles(handle, sandboxDir);
+        return c.json({ files, prefix: sandboxDir });
+    });
+    // Read a file's content
+    app.get("/api/sessions/:id/file-content", async (c) => {
+        const sessionId = c.req.param("id");
+        const session = getSession(config.dataDir, sessionId);
+        if (!session)
+            return c.json({ error: "Session not found" }, 404);
+        const filePath = c.req.query("path");
+        if (!filePath)
+            return c.json({ error: "path query parameter required" }, 400);
+        const handle = config.sandbox.get(sessionId);
+        const sandboxDir = session.sandboxProjectDir;
+        if (!handle || !sandboxDir) {
+            return c.json({ error: "Container not available" }, 404);
+        }
+        if (!filePath.startsWith(sandboxDir)) {
+            return c.json({ error: "Path outside project directory" }, 403);
+        }
+        const content = await config.sandbox.readFile(handle, filePath);
+        if (content === null) {
+            return c.json({ error: "File not found or unreadable" }, 404);
+        }
+        return c.json({ content });
+    });
+    // List GitHub accounts (personal + orgs)
+    app.get("/api/github/accounts", (c) => {
+        const token = c.req.header("X-GH-Token") || undefined;
+        try {
+            const accounts = ghListAccounts(token);
+            return c.json({ accounts });
+        }
+        catch (e) {
+            return c.json({ error: e instanceof Error ? e.message : "Failed to list accounts" }, 500);
+        }
+    });
+    // List GitHub repos for the authenticated user
+    app.get("/api/github/repos", (c) => {
+        const token = c.req.header("X-GH-Token") || undefined;
+        try {
+            const repos = ghListRepos(50, token);
+            return c.json({ repos });
+        }
+        catch (e) {
+            return c.json({ error: e instanceof Error ? e.message : "Failed to list repos" }, 500);
+        }
+    });
+    app.get("/api/github/repos/:owner/:repo/branches", (c) => {
+        const owner = c.req.param("owner");
+        const repo = c.req.param("repo");
+        const token = c.req.header("X-GH-Token") || undefined;
+        try {
+            const branches = ghListBranches(`${owner}/${repo}`, token);
+            return c.json({ branches });
+        }
+        catch (e) {
+            return c.json({ error: e instanceof Error ? e.message : "Failed to list branches" }, 500);
+        }
+    });
+    // Read Claude credentials from macOS Keychain (dev convenience)
+    app.get("/api/credentials/keychain", (c) => {
+        if (process.platform !== "darwin") {
+            return c.json({ apiKey: null });
+        }
+        try {
+            const raw = execFileSync("security", ["find-generic-password", "-s", "Claude Code-credentials", "-w"], { encoding: "utf-8", timeout: 3000, stdio: ["ignore", "pipe", "ignore"] }).trim();
+            const parsed = JSON.parse(raw);
+            const token = parsed.claudeAiOauth?.accessToken ?? null;
+            if (token) {
+                console.log(`[dev] Loaded OAuth token from keychain: ${token.slice(0, 20)}...${token.slice(-10)}`);
+            }
+            else {
+                console.log("[dev] No OAuth token found in keychain");
+            }
+            return c.json({ oauthToken: token });
+        }
+        catch {
+            return c.json({ oauthToken: null });
+        }
+    });
+    // Resume a project from a GitHub repo
+    app.post("/api/sessions/resume", async (c) => {
+        const body = (await c.req.json());
+        if (!body.repoUrl) {
+            return c.json({ error: "repoUrl is required" }, 400);
+        }
+        const sessionId = crypto.randomUUID();
+        const repoName = body.repoUrl
+            .split("/")
+            .pop()
+            ?.replace(/\.git$/, "") || "resumed-project";
+        // Create durable stream
+        const conn = sessionStream(config, sessionId);
+        try {
+            await DurableStream.create({
+                url: conn.url,
+                headers: conn.headers,
+                contentType: "application/json",
+            });
+        }
+        catch {
+            return c.json({ error: "Failed to create event stream" }, 500);
+        }
+        try {
+            const handle = await config.sandbox.createFromRepo(sessionId, body.repoUrl, {
+                branch: body.branch,
+                apiKey: body.apiKey,
+                oauthToken: body.oauthToken,
+                ghToken: body.ghToken,
+            });
+            // Get git state from cloned repo inside the container
+            const gs = await config.sandbox.gitStatus(handle, handle.projectDir);
+            const session = {
+                id: sessionId,
+                projectName: repoName,
+                sandboxProjectDir: handle.projectDir,
+                description: `Resumed from ${body.repoUrl}`,
+                createdAt: new Date().toISOString(),
+                lastActiveAt: new Date().toISOString(),
+                status: "complete",
+                appPort: handle.port,
+                git: {
+                    branch: gs.branch ?? body.branch ?? "main",
+                    remoteUrl: body.repoUrl,
+                    repoName: parseRepoNameFromUrl(body.repoUrl),
+                    lastCommitHash: gs.lastCommitHash ?? null,
+                    lastCommitMessage: gs.lastCommitMessage ?? null,
+                    lastCheckpointAt: null,
+                },
+            };
+            addSession(config.dataDir, session);
+            // Write initial message to stream
+            const bridge = getOrCreateBridge(config, sessionId);
+            await bridge.emit({
+                type: "log",
+                level: "done",
+                message: `Resumed from ${body.repoUrl}`,
+                ts: ts(),
+            });
+            return c.json({ sessionId, appPort: handle.port }, 201);
+        }
+        catch (e) {
+            const msg = e instanceof Error ? e.message : "Failed to resume from repo";
+            return c.json({ error: msg }, 500);
+        }
+    });
+    // Serve static SPA files (if built)
+    const clientDir = path.resolve(path.dirname(new URL(import.meta.url).pathname), "./client");
+    if (fs.existsSync(clientDir)) {
+        app.use("/*", serveStatic({ root: clientDir }));
+        app.get("*", (c) => {
+            const indexPath = path.join(clientDir, "index.html");
+            if (fs.existsSync(indexPath)) {
+                return c.html(fs.readFileSync(indexPath, "utf-8"));
+            }
+            return c.text("Web UI not built. Run: npm run build:web", 404);
+        });
+    }
+    else {
+        app.get("/", (c) => {
+            return c.text("Web UI not built. Run: npm run build:web", 404);
+        });
+    }
+    return app;
+}
+export async function startWebServer(opts) {
+    const config = {
+        port: opts.port ?? 4400,
+        dataDir: opts.dataDir ?? path.resolve(process.cwd(), ".electric-agent"),
+        sandbox: opts.sandbox,
+        streamConfig: opts.streamConfig,
+        bridgeMode: opts.bridgeMode ?? "stream",
+        inferProjectName: opts.inferProjectName,
+    };
+    fs.mkdirSync(config.dataDir, { recursive: true });
+    // Clean up stale sessions from previous runs
+    const cleaned = cleanupStaleSessions(config.dataDir);
+    if (cleaned > 0) {
+        console.log(`[startup] Cleaned up ${cleaned} stale session(s)`);
+    }
+    const app = createApp(config);
+    const hostname = process.env.NODE_ENV === "production" ? "0.0.0.0" : "127.0.0.1";
+    serve({
+        fetch: app.fetch,
+        port: config.port,
+        hostname,
+    });
+    console.log(`Web UI server running at http://${hostname}:${config.port}`);
+    console.log(`Streams: ${config.streamConfig.url} (service: ${config.streamConfig.serviceId})`);
+}
+//# sourceMappingURL=server.js.map